The Chinese Winnti hacking group is using a new PHP backdoor named 'Glutton' in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. [...]
As the curtain closes on 2024, the critical infrastructure and OT (operational technology) sectors reflect upon a year... The post 2024 in retrospect: Lessons learned and cyber strategies shaping...
On November 26, 2024, Wiz Threat Research identified JINX-2401, a threat actor attempting to hijack LLM models in multiple AWS environments using compromised IAM credentials. The attackers...
Two critical vulnerabilities in Cleo file transfer software—CVE-2024-50623 and CVE-2024-55956—have been actively exploited, leading to unauthorized data access and system compromise. The Clop...
State officials said hundreds of thousands of Rhode Island residents could be affected by a cyberattack on the state’s online portal for social services, with a “high probability” that personally...
Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold...
Thai government officials have emerged as the target of a new campaign that leverages a technique called DLL side-loading to deliver a previously undocumented backdoor dubbed Yokai. "The target of...
Bitdefender bundles antivirus and anti-malware with other digital privacy tools to keep you safer. Here's how it works.
Plus: The US indicts North Koreans in fake IT worker scheme, file-sharing firm Cleo warns customers to patch a vulnerability amid live attacks, and more.
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. [...]
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000...
Analysis of packer-as-a-service (PaaS) HeartCrypt reveals its use in over 2k malicious payloads across 45 malware families since its early 2024 appearance. The post Crypted Hearts: Exposing the...
Australian IT pros are urged to strengthen defenses as Chinese cyber threats target critical infrastructure and sensitive data.
A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The...
Another day, another healthcare database misconfiguration exposing sensitive patient information.
The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People's Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running...
Optum's AI chatbot was found exposed online at a time when the healthcare giant faces scrutiny for its use of AI to allegedly deny patient claims. © 2024 TechCrunch. All rights reserved. For...
In an effort to continue the positive trend of the healthcare industry not experiencing the highest number of breaches in Q1 of 2024, the US Department of Health and Human Services (HHS) launched...
Baron Martin is linked to extremist online networks 764 and CVLT. The post Arizona man arrested for alleged involvement in violent online terror networks appeared first on CyberScoop.
A flurry of drone sightings across New Jersey and New York has sparked national intrigue and US government responses. But experts are pouring cold water on America's hottest new conspiracy theory.
The credit union filed breach notification documents with regulators in Maine and Texas on Friday acknowledging that it recently detected suspicious activity on its network.
Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company. [...]
Health Tech is booming, projected to grow from $312.92B in 2024 to $981.23B by 2032. Serhiy Tokarev highlights…
We went hands-on with Keeper's password manager, and found that it takes security seriously, using leading encryption technology to protect your sensitive data.
Ardit Kutleshi, 26, and Jetmir Kutleshi, 28, were arrested in Kosovo by local law enforcement on Thursday and U.S. officials submitted a request for extradition through an indictment unsealed in...
Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been...
Citrix Netscaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. [...]
Run by the team at orchestration, AI, and automation platform Tines, the Tines library contains pre-built workflows shared by real security practitioners from across the community, all of which...
Small, easily weaponizable drones have become a feature of battlefields from the Middle East to Ukraine. Now the threat looms over the US homeland—and the Pentagon's ability to respond is limited.
CISA confirmed today that a critical remote code execution bug in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. [...]